Murphy USA stations in Conway Arkansas and Durant, Oklahoma were also affected. It is unclear if this is related to the breach that occurred at Murphy USA gas stations in 2011 in Virginia.

Two men pleaded guilty to one count each of conspiracy to commit wire fraud. They placed skimming devices on gas pumps at Murphy USA station in Conway and Little Rock, Arkansas as well as Durant, Oklahoma. This allowed them to collect credit card information and create fraudulent credit cards. The breach occurred between April 2012 and January 2013 and led to fraudulent charges of about $400,000. It's estimated that between 50 and 500 people were affected.

Information Source:
Media

records from this breach used in our total:
0

September 23, 2013

Columbia University Medical Center (CUMC)New York, New York

MED

DISC

407

An Excel file with the names and Social Security numbers of 407 medical students was accidentally attached to an email that was sent to medical students interested in a residency match list. The Excel column that contained the Social Security numbers was hidden and still accessible. The issue was discovered in March for the 2013 list and it was later discovered that the same issue had occurred in 2008 and 2009.

Information Source:
Databreaches.net

records from this breach used in our total:
407

September 23, 2013

Stanford UniversityStanford, California

EDU

HACK

Unknown

Stanford University ID holders (SUNet) users had their account passwords and other information exposed. The breach occurred sometime during the summer of 2013 and continued into the fall. The full extent of the breach was not revealed. SUNet users were instructured to change their passwords before accessing the system again.

Information Source:
Media

records from this breach used in our total:
0

September 23, 2013

Summit Community Care ClinicFrisco, Colorado

MED

DISC

921 (No Social Security numbers or financial information reported)

An administrative error led to the exposure of patient email addresses. Email addresses were placed in the visible "TO:" field instead of the blind "BCC:" field. The email was an invitation to a monthly patient advisory meeting and was sent on July 22.

Hackers were able to access an underground database of stolen consumer information. It was discovered that the network was set up to receive information from internal systems at several large data brokers. LexisNexis was one of the data brokers that was affected and discovered that their networks may have been compromised for at least five months. Dun & Bradstreet discovered that their systems had been compromised as far back as March 27, 2013. The breach of Kroll Background America, Inc. had began as far back as June 2013.

The computer server of Virginia Tech's Department of Human Resources was accessed on August 28. The information of people who applied online to Virginia Tech between 2003 and 2013 may have been accessed. No Social Security numbers or financial information was exposed. A total of 16,642 job applicants had their driver's license numbers exposed. The remaining job applicants had not submitted this information.

Information Source:
Media

records from this breach used in our total:
0

September 28, 2013

State FarmBloomington, Illinois

BSF

INSD

687 (11 customers confirmed affected)

State Farm became aware of fraudulent charges on a customer's credit card a few days after the card was used to pay for insurance policies. A former employee at an after-hours call center was found to have misused the credit card information of at least 11 customers. The dishonest employee had also worked with 687 other customers.

ICG America Learned that its payment processing system was the target of a cyber attack. The attack began on January 2, 2013 and continued until August 2, 2013. Customers who made purchases from companies operated by ICG America may have had their names, credit card and debit card numbers, expiration dates, CVV codes, addresses, and email addresses exposed.

Unique Vintage's website was accessed by malware between January of 2012 and September 14, 2013. Customer names, emails, credit card numbers, and phone numbers may have been accessed.

Information Source:
California Attorney General

records from this breach used in our total:
0

September 30, 2013

The New Teacher ProjectBrooklyn, New York

NGO

PORT

Unknown

The July 27 or 28 office theft of an unencrypted laptop resulted in the exposure of current and former employee information. Names, Social Security numbers, dates of birth, and employee ID numbers were exposed.

Information Source:
Databreaches.net

records from this breach used in our total:
0

September 30, 2013

Sentry Life Insurance, Department of LaborStevens Point, Wisconsin

BSF

DISC

Unknown

Sentry Life Insurnace discovered that several forms sent to the Department of Labor contained an attachments with names, Social Security numbers, and in a few cases, 401k account balances. The Department of Labor uploaded the forms to a public website before Sentry's discovery. The discovery was made on July 2 and a letter was sent on July 11 to the Maryland Attorney General's Office on behalf of Sentry.

Information Source:
Databreaches.net

records from this breach used in our total:
0

September 30, 2013

Denny'sPhoenix, Arizona

BSR

PHYS

200

Job applications from a Denny's in Phoenix were found in a dumpster behind the Denny's. The paperwork dated back to August of 2012. The information included addresses, Social Security numbers, and other information normally found on job applications. The manager said there was a mistake and that similar paperwork is usually shredded.

Information Source:
Databreaches.net

records from this breach used in our total:
200

October 1, 2013

R.T. Jones Capital Equities Management Inc.St. Louis, Missouri

BSF

HACK

800

R.T. Jones learned of a cyber attack that occurred on July 22, 2013. On August 7, 2013, it was discovered that an unauthorized party was able to access a database that contained names, Social Security numbers, and dates of birth. At least 800 people were affected in Maryland. It is unclear how many were affected nationwide.

Information Source:
Media

records from this breach used in our total:
800

October 1, 2013

McHenry County College, EllucianCrystal Lake, Illinois

EDU

DISC

Unknown

McHenry County College's software vendor Ellucian accidentally sent the personal information of current and former McHenry County College students and staff to three other junior colleges. Social Security numbers and other information were sent to Morton, Prairie State, and Triton.

Information Source:
Media

records from this breach used in our total:
0

October 1, 2013

JP Morgan ChaseNew York, New York

BSF

DISC

Unknown

JP Morgan Chase customers received a privacy notification in early September. A labeling error caused the Social Security numbers of customers to be printed on the outside of the notification letter. A lawsuit was filed against JP Morgan Chase on behalf of affected customers. The lawsuit claims that JP Morgan did not immediately notify its customers and should have prevented the breach from happening. The case is Alexander Furman et al v JP Morgan Chase & Co et al, No. 13-cv-06749, U.S. District Court, Northern District of Illinois.

Information Source:
Media

records from this breach used in our total:
0

October 1, 2013

Atlanta Center for Reproductive MedicineAtlanta, Georgia

MED

DISC

654 (No Social Security numbers or financial information reported)

Atlanta Center for Reproductive Medicine became aware of a breach on July 12. The breach involved email and it is not clear exactly how patient information was exposed or what type of information was involved.

A breach that involved either unauthorized access to ACO of Puerto Rico's network or an unintentional disclosure of patient information online occurred between March 5 and July 16 of 2013.

Information Source:
HHS via PHIPrivacy.net

records from this breach used in our total:
0

October 1, 2013

Dermatology Associates of TallahasseeTallahassee, Florida

MED

UNKN

916

A breach caused the exposure of patient information; Dermatology Associates of Tallahassee notified patients on September 4. Patient names, Social Security numbers, addresses, and dates of birth were compromised. It is unclear how the breach occurred.

Information Source:
HHS via PHIPrivacy.net

records from this breach used in our total:
916

October 2, 2013

Santa Clara Valley Medical CenterSan Jose, California

MED

PORT

571 (No Social Security numbers were exposed)

The theft of an unencrypted laptop from the audiology department of Santa Clara Valley Medical Center resulted in the exposure of patient names, medical record numbers, dates of birth, ages, sex, dates of service, and brainwave tests. The theft was discovered on September 16.

Information Source:
Media

records from this breach used in our total:
0

October 2, 2013

UnityPoint HealthWest Des Moines, Iowa

MED

INSD

1,800 (less than 180 Social Security numbers exposed)

Those with questions may call (877) 223-3817.

A breach was discovered on August 8 during the course of a routine audit. It was discovered that a contractor accessed UnityPoint's EMR system without a legitimate reason. An employee gave computer passwords to an employee of another company that provides care to patients. Names, medical insurance account numbers, home addresses, dates of birth and other health information was accessed between February of 2013 and August of 2013.

The California Public Utilities Commission launched an investigation into the unauthorized disclosure and publication of Comcast subscribers' unlisted names, telephone numbers and addresses to determine whether Comcast violated the laws, rules, and regulations of California.

UPDATE (8/25/2014): An evidentiary hearing has been scheduled in this case for September 2014 to investigate whether or not Comcast broke the law.

Information Source:
Government Agency

records from this breach used in our total:
74,000

October 3, 2013

Windhaven Investment ManagementBoston, Massachusetts

BSF

HACK

419

Windhaven Investment discovered a breach of their server in August of 2013. Client names, account numbers, custodians, investment positions, and other account information may have been accessed by an unauthorized party. The breach may have occurred earlier than August. At least 419 New Hampshire residents were affected. The total number of people affected nationwide was not revealed.

Information Source:
Databreaches.net

records from this breach used in our total:
419

October 3, 2013

Mercy Health Systems, AllscriptsBaltimore, Maryland

MED

STAT

25 (No Social Security numbers or financial information reported)

An unencrypted hard drive was discovered missing on January 14, 2013. It held the names, health plan beneficiary numbers, diagnoses, medical record numbers, and account numbers of 25 Mercy Health Systems patients. The hard drive was last seen by Mercy Health Systems' transcription contractor, Allscripts. Mercy Health Systems learned of the issue on February 14, 2013.

Information Source:
PHIPrivacy.net

records from this breach used in our total:
0

October 3, 2013

Tri-State Surgical AssociatesElkton, Maryland

MED

INSD

433

An unauthorized staff member provided a physician with the information of 433 patients on July 18. The information included names, Social Security numbers, addresses, phone numbers for home and work, dates of birth, sex, languages spoken, employers, emergency contacts, emergency phone numbers, emergency contact relationship, guarantor information, and insurance information.

UPDATE (10/11/2013): Hackers kept the source code on a hidden, but unencrypted server.

UPDATE (10/21/2013): A second breach related to the initial one in early October caused Adobe to reset client passwords.

UPDATE (10/29/2013): An investigation revealed that the encrypted passwords of approximately 38 million active users were also exposed. Adobe IDs were also compromised and were reset by Adobe after the breach.

UPDATE (11/20/2013): Around 42 million passwords for the Australian-based online dating service Cupid Media were also found on the same server that contained stolen Adobe, PR Newswire, and National White Collar Crime Center information.

UPDATE (11/25/2013): Some estimate that 152 million Adobe ID accounts were in a file that began circulating the internet in late October. Adobe systems Inc has encountered delays in trying to notify all customers of the issue since it was discovered 10 weeks ago.

Information Source:
Media

records from this breach used in our total:
2,900,000

October 4, 2013

Buckeye Check CashingDublin, Ohio

BSF

PORT

Unknown

The June 27 car theft of a laptop resulted in the exposure of customer information. Names, Social Security numbers, addresses, and bank account information were exposed.

Information Source:
California Attorney General

records from this breach used in our total:
0

October 4, 2013

NHC Healthcare Oak RidgeOak Ridge, Tennessee

MED

PORT

Unknown

An unencrypted backup tape was discovered missing. It contained patient names, Social Security numbers, dates of birth, home addresses, and medical information.

Information Source:
Media

records from this breach used in our total:
0

October 4, 2013

PLS Financial ServicesChicago, Illinois

BSF

DISC

Unknown

A programming error that occurred on July 11, 2013 allowed 34 visitors to PLS Financial Services' website to view the names, Social Security numbers, addresses, and email addresses of PLS Financial Services customers. The error was discovered on July 26 and quickly fixed.

Information Source:
Media

records from this breach used in our total:
0

October 4, 2013

Bell HelicopterHurst, Texas

BSO

HACK

Unknown

On July 3, Bell Helicopter learned that some people who attended Bell Helicopter Training Academy were receiving phishing emails from a source claiming to be Bell. It appears that Bell's database of attendee information was accessed by a cyber intruder. Attendees may have had their email addresses and credit card numbers exposed.

Information Source:
Media

records from this breach used in our total:
0

October 6, 2013

CaroMont HealthGastonia, North Carolina

MED

DISC

1,310 (No Social Security numbers of financial information reported)

An email with patient information was sent to an unauthorized person. Names, dates of birth, addresses, diagnoses, and medications were exposed.

Information Source:
Media

records from this breach used in our total:
0

October 7, 2013

PayJunctionSanta Barbara, California

BSF

HACK

Unknown

A number of sales agents were affected when a data backup of PayJunction's internal business system was inappropriately accessed. The unauthorized access occurred in July and was discovered in late September.

Information Source:
Databreaches.net

records from this breach used in our total:
0

October 7, 2013

WalgreensAnaheim, California

BSR

STAT

Unknown

A breach at a Walgreens in Anaheim resulted in the exposure of customer information. Thieves stole a computer and paper records in December of 2012. The theft was discovered on December 31 and occurred on December 28. The burglary occurred in Crescent's billing center. Names, Social Security numbers, addresses, phone numbers, health insurance information, dates of birth, and medical information were exposed.

A former employee removed paper copies of daily patient schedules from Rothman Institute on August 11. The paper copies were taken without permission and were not used for malicious purposes. Patients who were seen between March 18 and May 10 may have had their names, telephone numbers, dates of birth, locations, staff or physician seen, codes for insurance companies, copay amounts, dates and times of appointments, reasons for visits, and internal-use chart, and code numbers exposed. Social Security numbers and credit card information were not exposed. The information was not shared with unauthorized parties.

On August 8, Saint Louis University learned that about 10 employees had their direct deposit information changed after several malicious phishing emails were sent to employees on July 25. About 20 phishing emails were sent and several employees provided their account information. No unauthorized transactions have occurred because of the email scam. Additionally, patients who were treated or reviewed at facilities owned by the Tenet Healthcare Corporation or SSM Health Care may have had their information exposed.

Information Source:
Media

records from this breach used in our total:
200

October 9, 2013

Minnesota Counties Insurance TrustSt. Paul, Minnesota

BSF

INSD

3,000 (No Social Security numbers or financial information reported)

An employee working as a child support officer is accused of making more than 4,000 queries without legitimate cause in a driver and vehicle services database between 2010 and 2011. Photographs, addresses, and driving records may have been exposed.

UPDATE (10/04/2013): A $2 million settlement has been proposed to end a class action lawsuit. An insurance trust representing Minnesota counties will pay $500 to the named plaintiffs who initially brought the suit and those who had their information viewed for illegitimate purposes will receive a share of the money "based on the number of times they were illegitimately searched."

Information Source:
Media

records from this breach used in our total:
0

October 9, 2013

University of California San Francisco Medical Center (UCSF)San Francisco, California

MED

PORT

3,541 (Unknown number of Social Security numbers exposed)

A total of 3,541 patients were affected by the September 10 theft of an unencrypted laptop from an employee's vehicle. A subset of the 3,541 patients who were affected had their Social Security numbers exposed.

UPDATE (10/08/2013): Paper documents with patient names, Social Security numbers, dates of birth, and medical information were also stolen.

Information Source:
Media

records from this breach used in our total:
0

October 9, 2013

Holy Cross HospitalFort Lauderdale, Florida

MED

INSD

9,900

Nearly 9,900 former Holy Cross Hospital patients were affected by a breach that involved a dishonest employee filing fraudulent tax returns. Names, Social Security numbers, dates of birth, and addresses were exposed between November 2011 and August 2013.

An employee of All Source Medical Management was arrested on suspicion of stealing the credit card information of multiple patients. The dishonest former employee later admitted to using patient address and credit card numbers to make fraudulent purchases with a co-conspirator. It is unclear if other clinics and hospitals were affected.

UPDATE (12/16/2013): A total of 1,456 patients were affected. The data was stolen sometime between January 1, 2013 and October 4.

Information Source:
PHIPrivacy.net

records from this breach used in our total:
1,456

October 10, 2013

NordstromAventura, Florida

BSR

CARD

Unknown

Six skimmers were found on registers in one Nordstrom store in Aventura. Six people were seen tending to the devices on the afternoon of October 5. They came in groups of three and distracted sales people while tampering with the registers, twice. Skimmers and tiny cameras were installed to collect credit card information. The information can be used to make fraudulent credit cards.

Information Source:
Media

records from this breach used in our total:
0

October 10, 2013

Petrochem Insulation, ASRC Energy ServicesSan Francisco, California

BSO

PORT

Unknown

The July 18 theft of a laptop from an employee's car resulted in the exposure of employee information. The laptop contained personnel spreadsheets with employee names, Social Security numbers, and employee identification numbers.

Information Source:
Media

records from this breach used in our total:
0

October 10, 2013

NHC HealthcareOak Ridge, Tennessee

MED

PORT

Unknown

Those with questions may call (888) 568-8578.

An unencrypted backup tape was discovered missing. It contained the names, Social Security numbers, dates of birth, home addresses, and medical information of patients.

Information Source:
Databreaches.net

records from this breach used in our total:
0

October 10, 2013

City of Wichita - Electronic Procurement WebsiteWichita, Kansas

GOV

HACK

29,000

Hackers accessed the city of Wichita's electronic procurement website. Current and former vendors who had worked with the city and employees who had been reimbursed for expenses since 1997 were affected. Social Security numbers, taxpayer ID numbers, and bank account information may have been exposed.

UPDATE (11/22/2013): This breach was a result of the Dun & Bradstreet Credibility Corp. breach. Nearly 29,000 local vendors and employers were affected by the hacking incident that occurred during the weekend of October 5.

Information Source:
Media

records from this breach used in our total:
29,000

October 10, 2013

Legal Aid Society of San Mateo CountyRedwood City, California

NGO

PORT

Unknown

The August 12 office burglary of 10 laptops resulted in the exposure of client information. The laptops were used by Legal Aid Society attorneys to assist individuals in getting services. Names, Social Security numbers, dates of birth, medical information, and health information may have been exposed.

Information Source:
California Attorney General

records from this breach used in our total:
0

October 11, 2013

Google ChromeMountain View, California

BSO

DISC

Unknown

A data management firm discovered that Chrome browser users may have had their personal information stored on the hard drives of their computers without their knowledge or consent. Google Chrome regularly stores names, street addresses, email addresses, phone numbers, bank account numbers, credit card numbers, and Social Security numbers in web browsers for later use. It was not known that Chrome's cache also stores the information in plain text.

Information Source:
Media

records from this breach used in our total:
0

October 11, 2013

Hope Family HealthWestmoreland, Tennessee

MED

PORT

8,000

The August 4 theft of an unencrypted laptop from an employee's home may have resulted in the exposure of patient information. Current and former patients may have had their names, Social Security numbers, dates of birth, and billing addresses exposed. The information came from financial records, patient account information, and billing records dating back to 2005.

Information Source:
Media

records from this breach used in our total:
8,000

October 11, 2013

Monterey County Department of Social ServicesSalinas, California

GOV

HACK

Unknown

A Monterey County computer was compromised during the evening of March 17. It was connected to the California State Network and contained the information of individuals who received public assistance benefits through Monterey County Department of Social Services between 2002 and 2009. First and last names, Social Security numbers, addresses, phone numbers, and dates of birth were exposed.

Two dishonest nurse aides gathered information from at least 12 patients in order to file fraudulent tax returns. The breach occurred between September of 2011 and April of 2013. Some of the patients were from Sentara Virginia Beach General Hospital. The nurses' aides were indicted on charges of conspiracy to defraud the government.

Information Source:
PHIPrivacy.net

records from this breach used in our total:
3,700

October 12, 2013

Gordon Supply CompanyGlenside, Pennsylvania

BSF

HACK

400

A woman found two bags of personnel records in her backyard in mid-August. The woman called the cops after discovering the sensitive information. Social Security numbers, driver's license photos, addresses, phone numbers, medical information, dates of birth, emergency contacts, payroll history, and tax documents were exposed. The breach occurred after the building was abandoned and the files were not checked before being discarded. An estimated 400 people were affected.

Information Source:
Media

records from this breach used in our total:
400

October 13, 2013

PR NewswireNew York, New York

BSO

HACK

Unknown

Customer usernames and encrypted passwords were accessed and taken by hackers on or after March 8, 2013. Hackers may have had access to the news release services of companies that use PR Newswire. The breach is related to the Adobe hack that was revealed in early October of 2013.

Memorial Hospital of Lafayette learned on August 6 that some patients had their financial statements sent to other people. The mistake was caused by an error in the settings of an unnamed third-party billing vendor's system. Patients who were seen at the hospital as far back as 2001 may have had their information sent to the wrong address. Patient names, addresses, identificaiton numbers, account numbers, dates of services, and the charges associated with services received were exposed.